Give MW a .htaccess in the images directory to mirror Wikimedia's CSP settings
Open, LowPublic
Actions

Assigned To

None

Authored By

	Bawolff
	Nov 25 2019, 9:48 AM

Description

Would be a good hardening step for people using MW with apache who have .htaccess enabled, once we have enabled our CSP and verified that it works well.

Details

	Subject	Repo	Branch	Lines +/-
	[DNM] Set a CSP header to sandbox uploaded files	mediawiki/core	master	+88 -0

Customize query in gerrit

Related Objects
Search...

Status	Assigned	Task
Open	None	T44725 Multimedia file format support (tracking)
Open	None	T138665 Support SVG interactivity and animation in media-viewer
Open	None	T5593 [Epic] SVG client side rendering
Open	None	T208578 SVG client side rendering for specific SVGs
Open	None	T134482 Beta feature for opt-in client side SVG rendering
Open	None	T28508 Content Security Policy (CSP)
Open	None	T239069 Give MW a .htaccess in the images directory to mirror Wikimedia's CSP settings

Event Timeline

Bawolff created this task.Nov 25 2019, 9:48 AM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 25 2019, 9:48 AM

Change 547930 had a related patch set uploaded (by Brian Wolff; owner: Brian Wolff):
[mediawiki/core@master] [DNM] Set a CSP header to sandbox uploaded files

https://gerrit.wikimedia.org/r/547930

gerritbot added a project: Patch-For-Review.Nov 25 2019, 9:49 AM

Bawolff moved this task from Backlog to MediaWiki on the ContentSecurityPolicy board.Nov 25 2019, 9:52 AM

Bawolff triaged this task as Low priority.Nov 25 2019, 11:40 AM

Pppery edited projects, added Patch-Needs-Improvement; removed Patch-For-Review.Mar 27 2023, 2:08 AM

bd808 added a parent task: T28508: Content Security Policy (CSP).Jun 7 2023, 7:39 PM

TehKittyCat subscribed.Mar 4 2024, 2:21 AM

TheDJ added a parent task: T134482: Beta feature for opt-in client side SVG rendering.Mar 22 2024, 12:34 PM